About: Since EU supervisory authorities began GDPR enforcement in May of 2018, they have punished over 200 companies and government agencies for privacy and security failures. Those companies include both marquee and non-household brands, and close to €400M in proposed fines has been issued. The failures to comply were attributable to not having basic privacy and security practices in place. In this webinar, we will review several post-mortems, determine what went wrong, and discuss the implications of not complying with the privacy and security requirements of the GDPR going forward.
Key takeaways include:
- Understanding what regulators consider when issuing a penalty
- Generating better privacy success measurements by leveraging the NIST Privacy Framework and ISO 27701
- Applying these lessons for California Consumer Privacy Act (CCPA) compliance
Speaker: Scott M. Giordano, Esq., V.P., Data Protection, Spirion
Scott M. Giordano is an attorney with more than 20 years of legal, technology, and risk management consulting experience. An IAPP Fellow of Information Privacy and a Certified Information Security Systems Professional (CISSP), Scott serves as Spirion’s subject matter expert on multinational data protection and its intersection with technology, export compliance, internal investigations, information governance, and risk management. Scott has held senior positions at several legal technology firms and is listed as co-inventor on Intelligent Searching of Electronically Stored Information, patent application no. 13/842,910. In addition, he taught the first law school course anywhere on electronic evidence and e-discovery. Scott is a member of the bar in Washington state, California, and the District of Columbia.